Security concerns have increased enforcement measures that are taken before allowing a client (e.g., a computer of a user) to access a resource (e.g., ability to download/upload data, ability to access a private network) provided by a destination server. Often, an enforcement device, situated in a network between the client and the destination server, requires an administrator or a user of the client to install an agent on the client to gather information about the client and to push the information from the client to a policy engine server. The policy engine server determines whether to allow the client to access the resource of the destination server based on the gathered information and communicates that determination to the enforcement device. One problem with this approach is that a user of the client is currently able to turn off the locally-installed agent and attempt to bypass security measures. Another problem is that compatibility issues (e.g., driver conflicts) may arise between the agent and other software applications that the user wants to execute on the client. As a result, the agent might hinder the user's ability to perform actions other than accessing the destination server. Also, an agent for a destination might not run on a particular client whose hardware and/or software configurations are not compatible with the agent.
Another growing trend is the virtualization of Central Processing Units (CPUs) to run independent virtual systems. Virtualized CPUs may implement multiple “virtual machines.” A virtual machine (VM) server may execute the multiple VMs simultaneously. A virtual machine (VM) may execute an individual guest operating system (OS) for a client that uses the VM. Currently, in order to allow clients to access a resource of a destination server via guest OSs of a VM, a separate agent needs to run on each one of the guest OSs. Accordingly, similar issues that arise with running an agent on each individual client may arise when running the agent on each one of the guest OSs corresponding to the clients.
Additionally, an administrator of a VM needs to manually pre-install and configure an agent, needed to access a resource of a destination server, for each guest image on the VM. Policy server engines may periodically update what actions their corresponding agents need to perform to provide access. As a result, further administrative overhead is consumed when an administrator needs to determine whether the agents are up to date and manually reconfigure/update the multiple agents of the VM after each one of the updates. Also, a user may manually create a fresh VM and fail to install an agent on the VM. The fresh VM, without the agent, would not be able to facilitate access to a destination server associated with the agent.